Software a bigger security risk than viruses

by James Middleton, © 1995-2002 VNU Business Publications Ltd. All rights reserved

Tuesday, 29th January 2002 - Global exploitation of software vulnerabilities increased by 124 per cent last year, according to industry watchers.

Analysts at mi2g's Intelligence Unit claimed that viruses are on the decline and exploitation of software vulnerabilities is increasing. New viruses fell from 413 in 2000 to 245 in 2001. However, exploitation of software vulnerabilities increased from 1,090 incidents in 2000 to 2,437 in 2001. Steve Trilling, a Symantec representative, said: "With more critical business and government functions conducted online, we could see more 'professional' attackers." Simon Perry, a Computer Associates representative, said: "We haven't seen a virus with a really malicious payload yet. We are probably about 12 or 24 months away from the mother-lode virus."

An mi2g representative added that as new software vulnerabilities are exploited, corporations have to patch up their systems continuously. Computer Economics has estimated the global damage of code attacks at $13.2bn in 2001. The most significant attacks were by worms exploiting software vulnerabilities, such as Code Red ($2.6bn), SirCam ($1.2bn) and Nimda ($635m).

DK Matai, chief executive of mi2g, said: "Why are so many vulnerabilities coming to light? Software vendors have profited from new products without paying adequate attention to long-term quality. The focus on product development from day one has to be on security."